[RFC] group entropy for hiding lookup initiator in a distributed hash tables
https://ift.tt/2zg74QB
Submitted October 31, 2018 at 04:49PM by gpestana
via reddit https://ift.tt/2qkC6CQ
r/Rad_Decentralization - [RFC] group entropy for hiding lookup initiator in a distributed hash tables
Analyzing the root DNSSEC key rollover
https://ift.tt/2P4ZqUg
Submitted October 31, 2018 at 05:30PM by pimterry
via reddit https://ift.tt/2ADlAEf
JNDIAT - Penetration testing tool that tests the security of Weblogic servers through T3 protocol
https://ift.tt/2Js9Rer
Submitted October 31, 2018 at 07:52PM by HeadProfessional
via reddit https://ift.tt/2DdhHYV
GitHub
quentinhardy/jndiat
JNDI Attacking Tool. Contribute to quentinhardy/jndiat development by creating an account on GitHub.
Triage Planning: What Can Security Teams Learn From First Responders? - Red Canary
https://ift.tt/2JqUaE9
Submitted October 31, 2018 at 07:38PM by fireh7nter
via reddit https://ift.tt/2DfRrxf
Red Canary
Triage Planning: What Can Security Teams Learn From First Responders? - Red Canary
See how our CIRT fought a flare-up in Emotet infections by taking a step back from the mass of alerts to devise a proactive triage strategy.
Jok3r - Network and Web Pentest Framework
https://ift.tt/2OhGCM2
Submitted October 31, 2018 at 08:16PM by HeadProfessional
via reddit https://ift.tt/2yQJSt9
GitHub
koutto/jok3r
Jok3r - Network and Web Pentest Framework. Contribute to koutto/jok3r development by creating an account on GitHub.
The 90s Called, and They Want Their Hacks Back: Memoirs of an Amateur Hacker.
https://ift.tt/2NPzztS
Submitted October 31, 2018 at 08:09PM by xenexfor
via reddit https://ift.tt/2yQJTxd
Medium
Memoirs of an Amateur Hacker
Macs during the ’90s were awesome. So easy to use, so graphical, so insecure.
CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services
https://ift.tt/2qjqSyJ
Submitted October 31, 2018 at 10:05PM by domen_puncer
via reddit https://ift.tt/2QaOjFt
Zimperium Mobile Security Blog
CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services | Zimperium Mobile Security Blog
As part of our platform research in Zimperium zLabs, I have recently disclosed a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018…
LightSpeed, a race for an iOS/MacOS sandbox escape
https://ift.tt/2yIMGbp
Submitted October 31, 2018 at 10:40PM by mabote
via reddit https://ift.tt/2Js0uv2
Facebook Business Takeover
https://ift.tt/2Sth6GQ
Submitted November 01, 2018 at 12:11AM by mangojangofett
via reddit https://ift.tt/2DeDVcZ
The /r/netsec Monthly Discussion Thread - November 2018
Overview
Questions regarding netsec and discussion related directly to netsec are welcome here.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on /r/netsec.
As always, the content & discussion guidelines should also be observed on /r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted November 01, 2018 at 10:06AM by AutoModerator
via reddit https://ift.tt/2Qalkl8
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Using ActiveDirectory module for Domain Enumeration from PowerShell Constrained Language Mode
https://ift.tt/2JsAqQu
Submitted November 01, 2018 at 09:37AM by SamratAsh0k
via reddit https://ift.tt/2Ddmutm
Labofapenetrationtester
Using ActiveDirectory module for Domain Enumeration from PowerShell Constrained Language Mode
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
Trickbot Shows Off New Trick: Password Grabber Module
https://ift.tt/2qmv3K3
Submitted November 01, 2018 at 08:17PM by EvanConover
via reddit https://ift.tt/2OYXnRk
Trendmicro
Trickbot Shows Off New Trick: Password Grabber Module - TrendLabs Security Intelligence Blog
Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module that steals access from several applications and browsers.
Cisco Security: Zero-day in SIP inspection engine of ASA 9.4+ and FTD 6.0+ software.
https://ift.tt/2F6EQ1d
Submitted November 01, 2018 at 09:08PM by QuirkySpiceBush
via reddit https://ift.tt/2EWrILU
Cisco
Cisco Security Threat and Vulnerability Intelligence
The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.
On Cross-Site Scripting and Content Security Policy
https://ift.tt/2qj1by8
Submitted November 01, 2018 at 10:12PM by emididam
via reddit https://ift.tt/2SwhMeR
Telerik Blogs
On Cross-Site Scripting and Content Security Policy
Been considering your app's security this month? This Halloween, here's some security advice to help keep you safe from hackers and avoid any spooky surprises.
Why you should be auditing your users passwords
https://ift.tt/2CUpFoW
Submitted November 01, 2018 at 10:27PM by eth0izzle
via reddit https://ift.tt/2P3ELjn
www.darkport.co.uk
darkport | Effortless Password Audits
Why you should be auditing your users passwords.
Semmle Discovers Six Critical Vulnerabilities Affecting Macs, iPhones, and iPads
https://ift.tt/2Q92Y49
Submitted November 02, 2018 at 01:25AM by QuirkySpiceBush
via reddit https://ift.tt/2RuXyRo
Semmle
Semmle Discovers Six Critical Vulnerabilities Affecting Macs, iPhones, and iPads
Today, Apple announced a series of critical remote code execution vulnerabilities in Apple’s XNU operating system kernel. XNU is the kernel of macOS, iOS, and other Apple operating systems, which run on more than 1.3 billion devices globally. The vulnerabilities…
CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
https://ift.tt/2DfVlpV
Submitted November 02, 2018 at 05:03AM by midael
via reddit https://ift.tt/2EYNKO2
seclists.org
oss-sec: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
CVE-2018-11759 – Apache mod_jk access control bypass
https://ift.tt/2qpAhof
Submitted November 02, 2018 at 01:44PM by Nitr4x
via reddit https://ift.tt/2EYpsno
U.S. ISBN registry ran "unauthorized code" on its checkout page for nearly 6 months
https://ift.tt/ST3Kzo
Submitted November 02, 2018 at 05:46PM by ilamont
via reddit https://ift.tt/2qoPfuP
Pentesting in restricted VDI environments (Keyboard emulation + OCR)
https://ift.tt/2RuJdnR
Submitted November 02, 2018 at 06:50PM by gid0rah
via reddit https://ift.tt/2PzLqRv
Tarlogic Security - Cyber Security and Ethical hacking
Pentests in restricted VDI environments
A common scenario during an assessment or pentest is starting it from a VDI environment, focused towards "what could an insider or an attacker who has stolen a worker's credentials do". This type of environment usually has certain restrictions (major or…